Hello developers,
One off our applications requires that the users logs into
the machine (secure), than starts an application and this
application makes an back-connect to the client-machine.
That sounds exactly like x11 but it works different and
it needs an x11 like mechanism but not so special.
The current source wouldt give the possibility to generate
and backconnect with -R "0:otto:9999" because the bind with
0 as port gives an autoallocated nonreserved port over 1024,
but unfortunately there is an test
if (port < IPPORT_RESERVED && !is_root)
in the source, that revokes this.
With an little patch for this and an little hack for storing
the autallocated port and giving that port to the environment
of the executed process:
SSH_AUTOPORT=23232
the problem wouldt be solved.
here a patch against 2.9p2: (cvs-version was not compilable
on my linux-2.4.5-machine)
----------------------- snip ----------------------------------------
diff -cr openssh-2.9p2/channels.c openssh-2.9p2-patched/channels.c
*** openssh-2.9p2/channels.c Wed Jun 13 21:18:05 2001
--- openssh-2.9p2-patched/channels.c Wed Jul 4 08:18:03 2001
***************
*** 87,92 ****
--- 87,96 ----
*/
static int channel_max_fd = 0;
+ /* current return value for forwarding from automatical allocated
+ ports. goes to environmens SSH_AUTOPORT */
+ static int current_autoport = 0;
+
/* Name and directory of socket for authentication agent forwarding. */
static char *channel_forwarded_auth_socket_name = NULL;
static char *channel_forwarded_auth_socket_dir = NULL;
***************
*** 1797,1802 ****
--- 1801,1807 ----
struct linger linger;
success = 0;
+ current_autoport = 0;
if (remote_fwd) {
host = listen_address;
***************
*** 1873,1878 ****
--- 1878,1892 ----
strlcpy(channels[ch].path, host, sizeof(channels[ch].path));
channels[ch].host_port = port_to_connect;
channels[ch].listening_port = listen_port;
+ if (listen_port==0) {
+ struct sockaddr_in cli_addr;
+ int addrlen=sizeof(cli_addr);
+ if (getsockname(sock,(struct sockaddr
*)&cli_addr,&addrlen)!=0) {
+ error("getsockname: %.100s",
strerror(errno));
+ }
+ current_autoport=ntohs((u_short)cli_addr.sin_port);
+ debug("Forwarding autoport %d.",
current_autoport);
+ }
success = 1;
}
if (success == 0)
***************
*** 1962,1968 ****
* Check that an unprivileged user is not trying to forward a
* privileged port.
*/
! if (port < IPPORT_RESERVED && !is_root)
packet_disconnect("Requested forwarding of port %d but user is not
root.",
port);
#endif
--- 1976,1982 ----
* Check that an unprivileged user is not trying to forward a
* privileged port.
*/
! if (port && port < IPPORT_RESERVED && !is_root)
packet_disconnect("Requested forwarding of port %d but user is not
root.",
port);
#endif
***************
*** 2815,2818 ****
--- 2829,2836 ----
packet_put_int(c->remote_id);
packet_put_int(c->local_window);
packet_send();
+ }
+
+ int channel_get_autoport() {
+ return current_autoport;
}
diff -cr openssh-2.9p2/channels.h openssh-2.9p2-patched/channels.h
*** openssh-2.9p2/channels.h Wed Jun 13 21:18:05 2001
--- openssh-2.9p2-patched/channels.h Wed Jul 4 08:16:08 2001
***************
*** 310,314 ****
--- 310,315 ----
int x11_connect_display(void);
int channel_find_open(void);
+ int channel_get_autoport(void);
#endif
diff -cr openssh-2.9p2/session.c openssh-2.9p2-patched/session.c
*** openssh-2.9p2/session.c Sun Jun 17 05:40:51 2001
--- openssh-2.9p2-patched/session.c Wed Jul 4 08:16:54 2001
***************
*** 116,121 ****
--- 116,122 ----
/* proto 2 */
int chanid;
int is_subsystem;
+ int autoport;
};
/* func */
***************
*** 376,381 ****
--- 377,384 ----
}
debug("Received TCP/IP port forwarding request.");
channel_input_port_forward_request(s->pw->pw_uid == 0,
options.gateway_ports);
+ s->autoport=channel_get_autoport();
+
success = 1;
break;
***************
*** 1276,1281 ****
--- 1279,1289 ----
if (s->ttyfd != -1)
child_set_env(&env, &envsize, "SSH_TTY", s->tty);
+ if (s->autoport) {
+ char buffer[100];
+ snprintf(buffer,sizeof(buffer),"%d",s->autoport);
+ child_set_env(&env, &envsize, "SSH_AUTOPORT", buffer);
+ }
if (s->term)
child_set_env(&env, &envsize, "TERM", s->term);
if (s->display)
-------------------------------- snap --------------------------------------
Thanks
Peter Brueckner
--
Peter Brueckner, Brueckner&Jarosch Ing.-GmbH Erfurt, Germany 99084
Andreasstr. 37, TEL +49=361-21240.12, FAX .19, MAIL peter at bj-ig.de,-42-